[Bug 894170] Re: libdvdread core dumps with invalid next size
Bryce Harrington
894170 at bugs.launchpad.net
Thu May 17 23:51:08 UTC 2012
@ricky, huh didn't see your comment #9 until now.
Totally understand not wanting to be on too many lists (I feel the
same). However I've found this one to be reasonable (couple emails a
week). In any case I don't really mind forwarding patches there myself
and so can take care of that end.
If you're ever looking for other troublesome movies to work on you can just look at the bugs that have been filed:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/
For instance
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/377414 appears
to affect a lot of mainstream movies.
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/590983 is
another common one.
Anyway, looks like the sru for oneiric has already been uploaded. natty
is pretty long in the tooth so not really worth SRUing that. So I'm
going to close out this bug. Thanks everyone.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/894170
Title:
libdvdread core dumps with invalid next size
Status in “libdvdread” package in Ubuntu:
Fix Released
Status in “libdvdread” source package in Natty:
Won't Fix
Status in “libdvdread” source package in Oneiric:
Fix Committed
Bug description:
SRU Request:
Impact: Oneiric cannot read certain dvds, including "The Express".
Development fix: This is fixed in Precise with the minimal patch
provided in this bug.
Stable fix: An identical minimal patch has been applied to the Oneiric
package
Test Case: Unfortunately, someone needs to try playing the "The
Express" DVD to test this updated package
Regression potential: Although unlikely, this patch may prevent other
DVDs from playing, in which case the patch can be backed out.
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file
ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
allocated, but another variable, extracted from the DVD info
determines the lenght of the array, resulting in read/writes beyond
the array. I truncate the read, but perhaps a better solution would be
to expand the malloc to include the data off the DVD. I believe that,
however could lead to out of memory errors if the DVD data was
bad/invalid.
With the applied patch, dvdbackup no longer segfaults.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions
More information about the Ubuntu-sponsors
mailing list